Microsoft's MSN web portal is the latest high profile website to be used by cyber criminals for a mass scale malvertising attack. The website is the default homepage of the Internet Explorer web browser and receives millions of daily visitors. Malvertising is the practice of injecting malicious content into online advertising networks with the intent of attacking users. The malicious content can range from re-directing unsuspecting users to fake websites to earn advertising revenue, stealing users’ personal information or outright infecting their machines with a computer virus. 

The past few months have seen a significant spike in cyber criminals utilizing online advertising to attack users. In early August, Yahoo confirmed that hackers had used a Flash vulnerability to infect its users through advertisements on its network of websites. Yahoo’s web properties receive approximately 6.9 billion visitors per month and the attack lasted for seven days, so the campaign had the chance to compromise millions of user machines. Additional sites that have been compromised with malvertising this year include AOL, the dating website PlentyOfFish and news site The Huffington Post. Cyber security researchers at Cyphort reported a 325% increase in malvertising during 2014. Based on the amount of high profile malvertising campaigns this year that number will probably be higher in 2015.

As a result of malvertising attacks that utilized existing exploits in the Adobe Flash platform, Google plans to discontinue Flash-based advertisements on its network as of September 1sts. The Register believes that the US Congress will intervene to regulate the online advertising industry, as self-regulation is seemingly ineffective against increasing attacks of high profile target websites that attract millions of users. According to a study conducted by the Association of National Advertisers, advertising fraud will cost advertisers approximately $6.3 billion in 2015.